b"                                                             UNITED STATES DEPARTMENT OF COMMERCE\n                                                             Office of Inspector General\n                                                             Washington. D.C. 20230\n\n\n\n\nDecember 23, 2013\n\n\nMEMORANDUM FOR:               Simon Szykman\n                              Chief Information Officer\n\n\n\nFROM:                         Allen Crawley   ~ ~~ +.-- AJvle,._ ( ~\n                              Assistant Inspector General for Systems Acquisition\n                               and IT Security\n\nSUBJECT: \t                    Audit of Commerce's Cloud-computing Environments\n\nWe plan to conduct an audit of the Department's cloud-computing efforts. This work is part of\na federal government-wide audit sponsored by the Council of Inspectors General on Integrity\nand Efficiency (CIGIE). The objectives will be to (I) evaluate the Department's efforts to adopt\ncloud-computing technologies and (2) review executed contracts between the Department's\nbureaus and cloud service providers for compliance with applicable standards. The results of\nour work will also be included in a consolidated CIGIE report.\n\nWe will contact your audit liaison to schedule an entrance conference. Our fieldwork will begin\nCommerce-wide. Based on the results of a cloud computing survey, we will make selections\nfrom bureaus as to which systems we will include in our detailed audit testing. We plan to\ninterview program officials and review pertinent records related to Commerce cloud systems.\n\nTo begin our review, we are requesting some initial documentation that we will need for the\naudit. Please provide us by January 30, 2014, with a completed cloud computing survey (see\nattachment}, in electronic form at if poss ible.\n\nIf you have any questions, please call me at (202) 482-1855 or Dr. Ping Sun, Director for IT\nSecurity, at (202) 482-6121.\n\nAttachment\n\ncc: \t   lzella Dornell, Deputy Chief Information Officer\n        Kirit Amin, Deputy Chief Information Officer and Chief Technology Officer\n        Rod Turk, Director, Office of Cyber Security, and Chief Information Security Officer\n        Brian Callahan, Chief Information Officer, BEA\n        Eddie Donnell, Acting Chief Information Officer, BIS\n        Brian McGrath, Chief Information Officer, Census\n        Mark Johnson, Acting Chief Information Officer, EDA\n        Ken Berman, Acting Chief Information Officer, ITA\n        Del Brockett, Chief Information Officer, NIST\n        Joseph Klimavicz, Chief Information Officer, NOAA\n\x0cDaniel Drew, Chief Information Officer, NTIA\nKeith Sinner, Chief Information Officer, NTIS\njohn B. Owens II, Chief Information Officer, USPTO\nSusan Schultz Searcy, Audit Liaison, Office of the Chief Information Officer\n\x0c                                                                                                                                                  CIGIE Cloud Computing Survey\n\nFederal Department:\n\nPurpose: As part of a Government-wide effort, we are soliciting information on cloud computing technologies deployed by Federal Executive Branch Departments\nInstructions: Complete the fields included within the survey for all cloud systems deployed by the respective Department/Agency and return to the Inspector General's office.\n\n\n                                                                                                                                                                                                         FIPS 199 security\n                                                                                                                                                                                                         category by type\n\n                                                                                                                                                                                   Cloud Service Model                                        Contract       Total      Signed Service    Contracting\n                                                                                 Description of                                                                Type (Iaas, SaaS,                                             Date Contract                                                                System Point of Contract Award\n   Department/Agency             IT Service Name         IT Application Name                      Cloud Service Provider Name       Reseller (If Applicable)                         (Private, Public,    C      I     A                   Length (Base +   Contract   Level Agreement      Officer's\n                                                                                    Service                                                                      PaaS, Naas)                                                   Initated                                                                       Contact           ID\n                                                                                                                                                                                   Community, Hybrid)                                      Option Years)     Value           (SLA)       Representative\n\n\n\n\nPrepared by:\nReveiewed by:\n\x0c"